Thursday, May 7, 2009

Windows 7 Exploit is a Blast From the Past

Geek.com reports on a "new" exploit found by F-Secure. I put the word new in quotes because it's really a very ancient exploit. I remember when the first scripting viruses came out; they took advantage of two features in Windows. The first was the newly introduced Windows Scripting Host, which allowed users to create little files full of commands which would control Windows—in much the same way that DOS batch files control DOS. They also took advantage of the fact that Windows by default hides the extensions of most of the files on your computer. Typically you would receive an email message with an attachment which was supposed to be a picture or a document but was in fact a script full of malicious commands.

This was ten years ago. And this exploit is still possible. At least back then, it was possible to tell that a script was not a real document because Windows would give it an icon which differed from the normal icon it would assign to a real document. For example, a Word document would get a Word icon while a script with a fake .doc extension would get a Windows Scripting Host icon. Nowadays, it is more common to use an executable with a fake extension and a proper icon for the document that it purports to be. Of course, it still has a second .exe extension, which would normally be a dead giveaway, save for the fact that Windows will by default hide that second extension, unwittingly helping you get hacked more easily.

Ten years. And Microsoft still won't fix this serious security problem because it supposedly makes your computer easier to use. One of the first things I do with a new computer is to open up the Computer (My Computer in XP and older versions of Windows) item and select Tools | Folder Options. Then I click on the View tab and uncheck everything that Microsoft normally hides. Pretty much everyone who knows even a little bit about computers should do this—it just makes sense.
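
For anyone who filters attachments or audits a download folder, the double-extension pattern described above can be checked mechanically. The following is an added example, not part of the original post: the extension lists and the sample file names are assumptions made for illustration, and the function names are hypothetical.

```python
import ntpath

# Assumption: illustrative lists, not exhaustive. Real extension that decides
# how Windows runs the file, versus the decoy the user is meant to see.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".wsf"}
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".txt", ".jpg", ".png", ".xls"}


def check(filename):
    """Return a finding if the name poses as a document but runs as a program."""
    # Work on the final path component; Win32 drops trailing spaces and dots.
    base = ntpath.basename(filename).rstrip(" .")
    stem, real_ext = ntpath.splitext(base)
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return None
    # With extensions hidden, Explorer shows only `stem`. Ignore whitespace
    # sitting between the decoy extension and the real one.
    _, decoy_ext = ntpath.splitext(stem.rstrip())
    if decoy_ext.lower() not in DOCUMENT_EXTS:
        return None
    return {
        "file": base,
        "shown_as": stem,            # what the user sees by default
        "poses_as": decoy_ext.lower(),
        "runs_as": real_ext.lower(),
    }


def scan(filenames):
    """Check every name and keep only the deceptive ones, in input order."""
    return [hit for hit in map(check, filenames) if hit is not None]


# Constructed sample names, not taken from any real incident.
SAMPLE = [
    "invoice.doc.exe",
    "HOLIDAY.JPG.SCR",
    "setup.exe",
    "report.final.doc",
    "notes.txt.vbs",
    "archive.tar.gz",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("{file}: shown as '{shown_as}', runs as {runs_as}".format(**hit))
```

An honest `setup.exe` and a multi-dot document such as `report.final.doc` pass, because only the combination of a document-looking decoy and an executable final extension is flagged.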